NIST Compliant Sample Boilerplate for AC-5
Disclaimer
This language may need tailoring depending on your organization's and system's policies and procedures. Please use this language as a starting point for considering all the components that encompass this control. Please feel free to reach out to us for any specific questions.
Application Component
Within the <application name> application, separation of duties is enforced through various permission mechanisms. The permission level structure is used to define standard roles in the system, and users in a given role are assigned the permissions necessary to perform assigned duties, and no more. For example, a <role> is only granted permission level <permission level>, which allows him/her to <permissible action>, but not <non-permissible action> or perform other administrative actions. <Role> are granted permission level <permission level>, which allows them to <permissible action>. <Role> are typically granted permission level <permission level>, depending on the specific administrative functions associated with their job responsibilities. Individuals are not permitted to <conflict of interest scenario>, which could create a conflict of interest situation. Access authorizations and separation of duty for the application component are documented in the <document name>.
Infrastructure Component
Mission functions and distinct information system support functions are separated, with <role/designated personnel> performing mission functions, and the Operations Team performing information system support functions. Within the Operations Team, role separation also exists. Individuals responsible for maintaining the servers supporting the application have no access to network security devices such as firewalls, nor do they have database administration privileges. Network and database administrators manage network devices and databases, respectively, but do not manage other system components. The intrusion prevention system is administered by Security Team, separate from system or network administrators. Administration of the audit function is an auditable event, and the identity of the user performing these functions is recorded in the audit trail.
In addition to separation of duties within the Operations Team, other support functions are similarly segregated. System developers can develop software in support of the application, but cannot directly promote and install the code into the production environment. The Configuration Management lead manages the promotion of code to production and audits the contents of software releases, which must be reviewed and approved by the Security Manager (and others) prior to implementation. Implementation of the software build is performed by the Operations team. Access authorizations and separation of duty for the application component are documented in the <document name>.